Monthly Archives: March 2014

Convergence and Security will Drive Internet-of-Things Proliferation

By: Jonah McLeod, Dir. of Corp. Mkt. Comm. at Kilopass Technology Inc.

Tony Massimini has been digging into the Internet of Things (IoT) and has come up with some interesting findings.  Semico Research released two reports in January this year “What Does the Internet of Things Need to Grow?” and “The Internet of Things, Augmented Reality, and Sensor Fusion,” detailing what he has learned. You can also get the latest at the SemiCo IMPACT Event on April 23rd at the Biltmore Hotel in Santa Clara, California.  In describing the problems confronting this potentially huge market opportunity everyone keeps referring to as the IoT, he cited a lack of unifying platform to bring a number of divergent solutions together and security as the two obstacles that need to be hurdled.

The IoT is actually a collection of siloed solutions:  industrial control, personal electronics, home automation, etc., he noted.  For example, industrial control, which began as a wired solution to link equipment for food, plastic, or metal casting processing and production line conveyors, machine doors, part loading, etc. has numerous communication schemes for example, CANOpen, DeviceNet, FOUNDATION Fieldbus, Interbus-S, LonWorks, Profibus-DP, and SDS.  Home automation— scheduling and automatic operation of water sprinkling, heating and air conditioning, window coverings, security systems, lighting, etc.—is being fought over by wireless solutions including WiFi, Zigbee, Z-Wave, and BlueTooth as well as wire solutions including HomePlug (over AC wiring) and HomePNA (over phone lines).

Massimini believes the unifying force bringing these disparate communications schemes together is the Internet Protocol version 6 (IPv6), the latest version of the Internet Protocol (IP).  The communications protocol provides an identification and location system for computers on networks and routes traffic across the Internet. IPv6 was developed by the Internet Engineering Task Force (IETF) to deal with the long-anticipated problem of IPv4 address exhaustion. If Cisco’s estimate of 25 billion devices connected to the Internet by 2015 and 50 billion by 2020, IPv6 is not a minute too soon. As to how these billions of IoT devices will communicate, Massimini cites the emergence of reference designs from OEMs including Qualcomm, Broadcom, TI, Freescale, ST, and others that provide intelligent gateways to bring all these devices together and provide IPv6 traffic to where ever on the network.

Once that problem is solved, Massimini sees an even greater one rearing its head: security. The cautionary tale he uses to illustrate this danger is the hacking attack that showed the gaping hole in retailer Target’s network security.  The attack originated from Fazio Mechanical Services (FMS), a Sharpsburg, PA-based heating, ventilation, and air conditioning (HVAC) systems that contracted to Target to provide not only HVAC installation and maintenance but also to monitor and control the environment with Target’s retail outlets. The HVAC system can be accessed via an IP address.  Somehow the hackers acquired the encryption key from FMS required to access Target network connecting point-of-sales (POS) terminals and were able to plant malware that copied every credit card transaction in the POS terminal where it was collected and transmitted the information to servers located at different locations around the globe.

According to the Symantic white paper, “A Special Report on Attacks on Point of Sales Systems” this is not an uncommon occurrence as the software to pull this off is readily available on the web and the incidence are not new as the first happened in 2005, when 170 million card numbers were stolen.  Since the POS system cannot be network-segmented from other networks, Massimini says the solution that seems to be emerging is the replacement of magnetic strip credit and debit cards with smart cards like those used in Europe that employ the Europay, Mastercard and VISA (EMV) set of standards for card payments.  EMV employs an embedded processor with strong transaction security features to protect card data.

Massimini says this lesson hasn’t been lost on OEMs building intelligent IoT gateways and devices who are incorporating crypto engines of their own design in the microcontrollers controlling these products.  This additional security may be late in coming as attacks are already beginning to occur in home according to  Proofpoint, Inc.  The security-as-a-service provider based in Sunnyvale CA claimed to have discovered the first proven Internet of Things (IoT)-based cyberattack.  The company’s press release reported 750,000 malicious email communications coming from more than 100,000 everyday consumer gadgets—home-networking routers, connected multi-media centers, televisions and at least one refrigerator—that had been used to launch attacks.

Implementing more layers of security in the end devices and the gateways they connect to will be costly.  The commercial segments are most likely to accept this cost since there is an immediate benefit to the bottom line.  Providing more security for consumer devices is problematic.  The intelligent gateways for home will need to be the first line of defense.  Keeping these security measures up to date will be another business service.

The Internet of Things is just the latest incarnation in the evolution of computers and communications. As the consumer demand grows for the benefits provided by smart connected devices, hardware and software vendors will build the affordable secure devices these consumers will buy.